Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-07-2021 01
Ran by Predator (25-07-2021 12:50:51)
Running from C:\Users\poper\AppData\Local\Temp\scoped_dir15712_1213979991
Windows 10 Home Version 21H1 19043.1110 (X64) (2021-03-12 01:39:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1028854792-605204066-1811816243-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1028854792-605204066-1811816243-503 - Limited - Disabled)
Guest (S-1-5-21-1028854792-605204066-1811816243-501 - Limited - Disabled)
Predator (S-1-5-21-1028854792-605204066-1811816243-1001 - Administrator - Enabled) => C:\Users\poper
WDAGUtilityAccount (S-1-5-21-1028854792-605204066-1811816243-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security Ultra (Enabled - Up to date) {E3FDBD9F-8140-1400-F32B-8B58923F7C4D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Ultra (Enabled) {DBC63CBA-CB2F-1558-D874-226D6CEC3B36}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
Acer Configuration Manager (HKLM-x32\...\{414D554E-4453-454E-0201-000000016258}) (Version: 2.1.16258 - Acer)
Acer Jumpstart (HKLM-x32\...\{E3930B59-5669-4BAB-A329-D56C1427C613}) (Version: 3.3.19180.100 - Acer)
Care Center Service (HKLM\...\{AFB52E98-7597-4484-9202-58F0FD3512ED}) (Version: 4.00.3019 - Acer Incorporated)
DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3026 - Acer Incorporated)
Dynamic Application Loader Host Interface Service (HKLM\...\{8FA2C20E-BB89-48F1-A486-38746E611124}) (Version: 1.0.0.0 - Intel Corporation) Hidden
ExpressVPN (HKLM-x32\...\{878F6EB4-73BF-4A1E-9A92-6DDF9EDC8A8B}) (Version: 2.2.19325.10 - Acer)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 92.0.4515.107 - Google LLC)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.5.10103.7263 - Intel Corporation)
Intel(R) Chipset Device Software (HKLM-x32\...\{70281077-96c3-4f75-938c-dc4746110c00}) (Version: 10.1.17903.8106 - Intel(R) Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1908.12.0.1231 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 25.20.100.6617 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 17.2.0.1009 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000110-0200-1033-84C8-B8D95FA3C8C3}) (Version: 20.110.0.3 - Intel Corporation)
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{F4F771E2-6E23-4F27-93E1-27C22C71B7E2}) (Version: 17.2.0.1009 - Intel Corporation)
Killer Ethernet Performance Driver Suite UWD (HKLM\...\{2BC138AD-0144-4B09-998B-77D25B26B1FA}) (Version: 2.0.1159 - Rivet Networks)
Killer Wireless Driver UWD (HKLM\...\{0ECA1A24-6838-4283-89AC-096200F1FC95}) (Version: 2.0.1132 - Rivet Networks)
Kinect for Windows Speech Recognition Language Pack (en-AU) (HKLM-x32\...\{48CEC0A3-AE10-4EE3-AC62-76D3D58792E5}) (Version: 11.0.7400.336 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (en-CA) (HKLM-x32\...\{9C5505DA-F9C1-46CB-9F8F-AC38F8EA518A}) (Version: 11.0.7400.336 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (en-GB) (HKLM-x32\...\{A0186231-0A8B-455A-8A25-B64AABCC11A6}) (Version: 11.0.7400.336 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (en-IE) (HKLM-x32\...\{998D5259-3BED-4710-98FF-D63387B5429E}) (Version: 11.0.7400.336 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (en-NZ) (HKLM-x32\...\{07FC9CAD-FCEC-4186-BB83-EF7CCC9372BA}) (Version: 11.0.7400.336 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (en-US) (HKLM-x32\...\{8AAA44BB-487E-4D01-AF76-484ACB90DBFE}) (Version: 11.0.7400.336 - Microsoft Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lightshot-5.5.0.7 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.5.0.7 - Skillbrains)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 92.0.902.55 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 92.0.902.55 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1028854792-605204066-1811816243-1001\...\OneDriveSetup.exe) (Version: 21.119.0613.0001 - Microsoft Corporation)
Microsoft Server Speech Platform Runtime (x64) (HKLM\...\{3B433087-E62E-4BF5-97F9-4AF6E1C2409C}) (Version: 11.0.7400.345 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (en-IN) (HKLM-x32\...\{3B06AC90-DE68-44A9-95EB-0A3C1AF1514F}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{1a63c099-febd-4eaf-83ad-a82ea4fdac49}) (Version: 12.0.30501.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Mozilla Firefox 66.0.5 (x64 en-US) (HKLM\...\Mozilla Firefox 66.0.5 (x64 en-US)) (Version: 66.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 66.0.5 - Mozilla)
MSI Afterburner 4.6.3 (HKLM-x32\...\Afterburner) (Version: 4.6.3 - MSI Co., LTD)
NVIDIA GeForce Experience 3.17.0.126 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.17.0.126 - NVIDIA Corporation)
NVIDIA Grafický ovládač 466.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 466.27 - NVIDIA Corporation)
NVIDIA Ovládač zvuku HD 1.3.38.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NVIDIA USBC Driver 1.46.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.46.831.832 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Opera GX Stable 77.0.4054.275 (HKU\S-1-5-21-1028854792-605204066-1811816243-1001\...\Opera GX 77.0.4054.275) (Version: 77.0.4054.275 - Opera Software)
PredatorSense Service (HKLM\...\{8D399C7A-8693-4BDE-9D22-D43CBB8BBF62}) (Version: 3.00.3136 - Acer Incorporated)
Quick Access Service (HKLM\...\{AB25551C-74EF-4BAB-9989-891517FCF9FF}) (Version: 3.00.3017 - Acer Incorporated)
RivaTuner Statistics Server 7.3.0 (HKLM-x32\...\RTSS) (Version: 7.3.0 - Unwinder)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
UE4 Prerequisites (x64) (HKLM\...\{F9EC45F9-074A-48BF-92E9-A8CADD56F693}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{4e242cc8-5e3c-4b08-9d55-dbc62ddd1208}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
User Experience Improvement Program Service (HKLM\...\{E9495FD3-F73D-4D33-A104-047F9E8BE6C7}) (Version: 4.00.3104 - Acer Incorporated)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.12 - VideoLAN)
WinRAR 6.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.01.0 - win.rar GmbH)
XSplit Gamecaster (HKLM-x32\...\{C9470F90-F309-454D-96C0-F3C4C691F7A8}) (Version: 3.3.1805.0412 - SplitmediaLabs)

Packages:
=========
Acer Product Registration -> C:\Program Files\WindowsApps\AcerIncorporated.AcerRegistration_2.0.3026.0_x64__48frkmn4z8aw4 [2021-07-01] (Acer Incorporated)
Care Center S -> C:\Program Files\WindowsApps\AcerIncorporated.AcerCareCenterS_4.0.3019.0_x64__48frkmn4z8aw4 [2021-03-16] (Acer Incorporated)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.8.1151.0_x64__rz1tebttyb220 [2021-07-13] (Dolby Laboratories)
GoTrust ID -> C:\Program Files\WindowsApps\GOTrustTechnologyInc.GO-TrustAuthenticator_3.1.21.0_x64__0r04f53sqacg6 [2021-07-09] (GoTrustID Inc.)
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\appup.intelgraphicscontrolpanel_3.3.0.0_x64__8j3eq9eme6ctt [2021-03-11] (INTEL CORP)
Killer Control Center -> C:\Program Files\WindowsApps\rivetnetworks.killercontrolcenter_2.1.2925.0_x64__rh07ty8m5nkag [2021-03-11] (Rivet Networks LLC) [Startup Task]
Microsoft Remote Desktop -> C:\Program Files\WindowsApps\Microsoft.RemoteDesktop_10.2.1810.0_x64__8wekyb3d8bbwe [2021-03-11] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.6151.0_x64__8wekyb3d8bbwe [2021-07-09] (Microsoft Studios) [MS Ad]
Neat Office -> C:\Program Files\WindowsApps\15191PeakPlayer.NeatOffice_3.2.5.0_x86__y5c4dfz5b21fm [2021-05-05] (Any DVD & Office App)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-05-29] (NVIDIA Corp.)
PhotoDirector for acer -> C:\Program Files\WindowsApps\cyberlinkcorp.ac.photodirectorforacerdesktop_8.0.5229.0_x64__ypz87dpxkv292 [2021-03-11] (CYBERLINK COM CORP)
PowerDirector for acer -> C:\Program Files\WindowsApps\cyberlinkcorp.ac.powerdirectorforacerdesktop_14.0.4304.0_x64__ypz87dpxkv292 [2021-03-11] (CYBERLINK COM CORP)
PredatorSense_V30 -> C:\Program Files\WindowsApps\AcerIncorporated.PredatorSenseV30_3.0.3136.0_x64__48frkmn4z8aw4 [2021-06-19] (Acer Incorporated)
QuickAccess -> C:\Program Files\WindowsApps\AcerIncorporated.QuickAccess_3.0.3017.0_x64__48frkmn4z8aw4 [2021-04-04] (Acer Incorporated)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.9.214.0_x64__dt26b99r8h8gj [2021-03-11] (Realtek Semiconductor Corp)
Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2021-07-09] (Microsoft Corporation)
Waves MaxxAudio For Acer -> C:\Program Files\WindowsApps\WavesAudio.20761030F5EAC_1.0.67.0_x64__fh4rh281wavaa [2021-03-11] (Waves Audio)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [  OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-02-13] () [File not signed] [File is in use]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-02-13] () [File not signed] [File is in use]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvaci.inf_amd64_c2cb13ef5ef8addf\nvshext.dll [2021-04-27] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-07-25 11:37 - 2021-07-25 11:37 - 001844224 _____ () [File not signed] D:\Program Files (x86)\SteamLibrary\steamapps\common\Torchlight II\CEGUIBase.dll
2021-07-25 11:37 - 2021-07-25 11:37 - 000104448 _____ () [File not signed] D:\Program Files (x86)\SteamLibrary\steamapps\common\Torchlight II\CEGUIExpatParser.DLL
2021-07-25 11:37 - 2021-07-25 11:37 - 000129536 _____ () [File not signed] D:\Program Files (x86)\SteamLibrary\steamapps\common\Torchlight II\CEGUIFalagardWRBase.DLL
2021-07-25 11:37 - 2021-07-25 11:37 - 006822912 _____ () [File not signed] D:\Program Files (x86)\SteamLibrary\steamapps\common\Torchlight II\OgreMain.dll
2021-07-25 11:39 - 2021-07-25 11:39 - 000131584 _____ () [File not signed] D:\Program Files (x86)\SteamLibrary\steamapps\common\Torchlight II\Plugin_CgProgramManager.dll
2021-07-25 11:37 - 2021-07-25 11:37 - 000269824 _____ () [File not signed] D:\Program Files (x86)\SteamLibrary\steamapps\common\Torchlight II\Plugin_OctreeSceneManager.dll
2021-07-25 11:37 - 2021-07-25 11:37 - 000547328 _____ () [File not signed] D:\Program Files (x86)\SteamLibrary\steamapps\common\Torchlight II\RenderSystem_Direct3D9.dll
2021-07-25 11:37 - 2021-07-25 11:37 - 001084928 _____ (Firelight Technologies) [File not signed] D:\Program Files (x86)\SteamLibrary\steamapps\common\Torchlight II\fmodex.dll
2019-02-13 00:10 - 2019-02-13 00:10 - 000126976 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\OptaneShellExtensions\iaStorAfsServiceApi.dll
2021-07-25 11:37 - 2021-07-25 11:37 - 005615616 _____ (NVIDIA Corporation) [File not signed] D:\Program Files (x86)\SteamLibrary\steamapps\common\Torchlight II\cg.dll
2021-07-25 11:37 - 2021-07-25 11:37 - 000226304 _____ (RAD Game Tools, Inc.) [File not signed] D:\Program Files (x86)\SteamLibrary\steamapps\common\Torchlight II\binkw32.dll
2021-07-25 11:37 - 2021-07-25 11:37 - 001102848 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] D:\Program Files (x86)\SteamLibrary\steamapps\common\Torchlight II\LIBEAY32.dll
2021-07-25 11:39 - 2021-07-25 11:39 - 000237056 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] D:\Program Files (x86)\SteamLibrary\steamapps\common\Torchlight II\SSLEAY32.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\poper:Heroes & Generals [38]
AlternateDataStreams: C:\Users\poper\Application Data:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\poper\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-1028854792-605204066-1811816243-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer17win10.msn.com/?pc=ACTE
HKU\S-1-5-21-1028854792-605204066-1811816243-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-09-15 09:31 - 2021-05-16 10:26 - 000002192 _____ C:\WINDOWS\system32\drivers\etc\hosts
109.94.209.70      fitgirlrepacks.co               # Fake FitGirl site
109.94.209.70      fitgirl-repacks.cc              # Fake FitGirl site
109.94.209.70      fitgirl-repacks.to              # Fake FitGirl site
109.94.209.70      fitgirl-repack.com              # Fake FitGirl site
109.94.209.70      fitgirl-repacks.website         # Fake FitGirl site
109.94.209.70      fitgirlrepack.games             # Fake FitGirl site
109.94.209.70      www.fitgirlrepacks.co           # Fake FitGirl site
109.94.209.70      www.fitgirl-repacks.cc          # Fake FitGirl site
109.94.209.70      www.fitgirl-repacks.to          # Fake FitGirl site
109.94.209.70      www.fitgirl-repack.com          # Fake FitGirl site
109.94.209.70      www.fitgirl-repacks.website     # Fake FitGirl site
109.94.209.70      ww9.fitgirl-repacks.xyz         # Fake FitGirl site
109.94.209.70      www.fitgirlrepack.games         # Fake FitGirl site
109.94.209.70      *.fitgirl-repacks.xyz           # Fake FitGirl site
109.94.209.70      fitgirl-repacks.xyz             # Fake FitGirl site
109.94.209.70      fitgirl-repack.net              # Fake FitGirl site
109.94.209.70      www.fitgirl-repack.net          # Fake FitGirl site
109.94.209.70      fitgirlpack.site                # Fake FitGirl site
109.94.209.70      www.fitgirlpack.site            # Fake FitGirl site

2021-04-05 10:03 - 2021-04-11 19:28 - 000000443 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
192.168.137.1 LAPTOP-2UV0H9VG.mshome.net # 2026 4 5 10 17 28 33 944

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1028854792-605204066-1811816243-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\poper\Desktop\wallpaper_lost_ark_01_1920x1080.jpg
DNS Servers: 192.168.88.1 - 46.151.57.84
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-1028854792-605204066-1811816243-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1028854792-605204066-1811816243-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1028854792-605204066-1811816243-1001\...\StartupApproved\Run: => "Battle.net"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E88753E6-7CFE-45BE-9F19-62EEBCE203FE}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve -> Valve Corporation)
FirewallRules: [{2D0B12D9-4804-43D3-9502-C1047BA61ED5}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve -> Valve Corporation)
FirewallRules: [{29833FEC-492E-48D4-BD1C-966E629DA9A7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{0C63BE9B-5930-40FE-8484-825A00403AF7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{34266B84-364E-4E18-9E9A-BE7C7EA5E410}C:\users\poper\appdata\local\programs\opera gx\75.0.3969.259\opera.exe] => (Allow) C:\users\poper\appdata\local\programs\opera gx\75.0.3969.259\opera.exe => No File
FirewallRules: [UDP Query User{4ABB5AEE-DE55-4834-94A6-1D76270716DF}C:\users\poper\appdata\local\programs\opera gx\75.0.3969.259\opera.exe] => (Allow) C:\users\poper\appdata\local\programs\opera gx\75.0.3969.259\opera.exe => No File
FirewallRules: [TCP Query User{D75D907E-0CA7-4E25-BB42-02A8806EA60C}C:\program files (x86)\utorrent\utorrent.exe] => (Allow) C:\program files (x86)\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [UDP Query User{1035E0A5-01EE-4A38-8FC3-70DEC9662F14}C:\program files (x86)\utorrent\utorrent.exe] => (Allow) C:\program files (x86)\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [TCP Query User{B9430C7B-6AF3-40E1-A778-E89B1A712993}C:\users\poper\appdata\local\programs\opera gx\75.0.3969.267\opera.exe] => (Allow) C:\users\poper\appdata\local\programs\opera gx\75.0.3969.267\opera.exe => No File
FirewallRules: [UDP Query User{D4F0EC78-D6AE-4A5F-908C-E5322FE31080}C:\users\poper\appdata\local\programs\opera gx\75.0.3969.267\opera.exe] => (Allow) C:\users\poper\appdata\local\programs\opera gx\75.0.3969.267\opera.exe => No File
FirewallRules: [TCP Query User{75931F62-8A13-4EA8-BD20-821C509BCE51}C:\users\poper\appdata\local\programs\opera gx\75.0.3969.279\opera.exe] => (Allow) C:\users\poper\appdata\local\programs\opera gx\75.0.3969.279\opera.exe => No File
FirewallRules: [UDP Query User{B9C37F55-7C2B-4339-93B5-42E74BB4915D}C:\users\poper\appdata\local\programs\opera gx\75.0.3969.279\opera.exe] => (Allow) C:\users\poper\appdata\local\programs\opera gx\75.0.3969.279\opera.exe => No File
FirewallRules: [TCP Query User{079E3867-2937-4301-927F-17CB72B13177}C:\users\poper\appdata\local\programs\opera gx\75.0.3969.285\opera.exe] => (Allow) C:\users\poper\appdata\local\programs\opera gx\75.0.3969.285\opera.exe => No File
FirewallRules: [UDP Query User{F53AFE06-A83B-4A9A-BC1F-5B7FD731ED7E}C:\users\poper\appdata\local\programs\opera gx\75.0.3969.285\opera.exe] => (Allow) C:\users\poper\appdata\local\programs\opera gx\75.0.3969.285\opera.exe => No File
FirewallRules: [TCP Query User{7F05D17C-8B54-46AD-BE1F-07874AD7B1BD}D:\program files (x86)\steamlibrary\steamapps\common\cryptic studios\neverwinter\live\x64\gameclient.exe] => (Allow) D:\program files (x86)\steamlibrary\steamapps\common\cryptic studios\neverwinter\live\x64\gameclient.exe (Cryptic Studios Inc. -> )
FirewallRules: [UDP Query User{73A45BBB-0A79-452E-950F-40FD3682D239}D:\program files (x86)\steamlibrary\steamapps\common\cryptic studios\neverwinter\live\x64\gameclient.exe] => (Allow) D:\program files (x86)\steamlibrary\steamapps\common\cryptic studios\neverwinter\live\x64\gameclient.exe (Cryptic Studios Inc. -> )
FirewallRules: [TCP Query User{9B7542A5-85F3-4CCF-ABA0-755EBACF33D8}D:\program files (x86)\steamlibrary\steamapps\common\crsed\win64\cuisine_royale.exe] => (Allow) D:\program files (x86)\steamlibrary\steamapps\common\crsed\win64\cuisine_royale.exe => No File
FirewallRules: [UDP Query User{30905284-503A-4636-8B63-32A71A99D581}D:\program files (x86)\steamlibrary\steamapps\common\crsed\win64\cuisine_royale.exe] => (Allow) D:\program files (x86)\steamlibrary\steamapps\common\crsed\win64\cuisine_royale.exe => No File
FirewallRules: [TCP Query User{74049F69-0696-4E35-ABFE-CF1EB897EC94}D:\games\total war - warhammer 2\warhammer2.exe] => (Allow) D:\games\total war - warhammer 2\warhammer2.exe => No File
FirewallRules: [UDP Query User{8B35749B-248D-48CE-831E-984E0FC56E30}D:\games\total war - warhammer 2\warhammer2.exe] => (Allow) D:\games\total war - warhammer 2\warhammer2.exe => No File
FirewallRules: [TCP Query User{F5A98CEA-A504-4E4B-8840-7766EEAEA4DB}C:\users\poper\appdata\local\temp\nsp3ece.tmp\aria2c.exe] => (Allow) C:\users\poper\appdata\local\temp\nsp3ece.tmp\aria2c.exe => No File
FirewallRules: [UDP Query User{C122ADAE-1811-45AE-9A17-2B2EFB18DBCB}C:\users\poper\appdata\local\temp\nsp3ece.tmp\aria2c.exe] => (Allow) C:\users\poper\appdata\local\temp\nsp3ece.tmp\aria2c.exe => No File
FirewallRules: [TCP Query User{8CBFB283-2C65-40B0-A0C5-35E6A538C9F3}C:\users\poper\appdata\local\programs\opera gx\76.0.4017.208\opera.exe] => (Allow) C:\users\poper\appdata\local\programs\opera gx\76.0.4017.208\opera.exe => No File
FirewallRules: [UDP Query User{62ED7424-B7EF-4D8B-888B-F06648588F4C}C:\users\poper\appdata\local\programs\opera gx\76.0.4017.208\opera.exe] => (Allow) C:\users\poper\appdata\local\programs\opera gx\76.0.4017.208\opera.exe => No File
FirewallRules: [TCP Query User{2C5C0D6C-1B4D-44F8-ABA2-B2768BB940D4}C:\users\poper\appdata\local\programs\opera gx\76.0.4017.227\opera.exe] => (Allow) C:\users\poper\appdata\local\programs\opera gx\76.0.4017.227\opera.exe => No File
FirewallRules: [UDP Query User{31F93359-C33D-4414-98D1-5B3D838C3D02}C:\users\poper\appdata\local\programs\opera gx\76.0.4017.227\opera.exe] => (Allow) C:\users\poper\appdata\local\programs\opera gx\76.0.4017.227\opera.exe => No File
FirewallRules: [TCP Query User{38437651-7CDF-4F8B-86E1-236838037C10}D:\program files (x86)\steamlibrary\steamapps\common\paladins\binaries\win64\paladins.exe] => (Allow) D:\program files (x86)\steamlibrary\steamapps\common\paladins\binaries\win64\paladins.exe => No File
FirewallRules: [UDP Query User{D60B14B9-B6C2-49B2-ABAC-F0F31B90BAD7}D:\program files (x86)\steamlibrary\steamapps\common\paladins\binaries\win64\paladins.exe] => (Allow) D:\program files (x86)\steamlibrary\steamapps\common\paladins\binaries\win64\paladins.exe => No File
FirewallRules: [TCP Query User{449828BF-7DC7-4804-A23F-D0FCE9188672}C:\users\poper\appdata\local\programs\opera gx\77.0.4054.257\opera.exe] => (Allow) C:\users\poper\appdata\local\programs\opera gx\77.0.4054.257\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [UDP Query User{17AC7322-8416-42FC-AE7B-5C651ACE52B1}C:\users\poper\appdata\local\programs\opera gx\77.0.4054.257\opera.exe] => (Allow) C:\users\poper\appdata\local\programs\opera gx\77.0.4054.257\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{B2FACF79-25AF-48BB-A89D-2006DD6ECFA0}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{AC1CEFCA-EBC6-449E-B0C9-4ACC02792945}C:\users\poper\appdata\local\gamecenter\gamecenter.exe] => (Allow) C:\users\poper\appdata\local\gamecenter\gamecenter.exe => No File
FirewallRules: [UDP Query User{07AD557E-52AE-4185-97AC-5D909C337A04}C:\users\poper\appdata\local\gamecenter\gamecenter.exe] => (Allow) C:\users\poper\appdata\local\gamecenter\gamecenter.exe => No File
FirewallRules: [TCP Query User{A6CED169-D479-40EA-A01B-14A2CFE84763}C:\users\poper\appdata\local\programs\opera gx\77.0.4054.275\opera.exe] => (Block) C:\users\poper\appdata\local\programs\opera gx\77.0.4054.275\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [UDP Query User{D68D5F35-6DA9-4612-9C2A-89DA477D8886}C:\users\poper\appdata\local\programs\opera gx\77.0.4054.275\opera.exe] => (Block) C:\users\poper\appdata\local\programs\opera gx\77.0.4054.275\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{E42CD2D1-E5DD-4376-AF5D-F12741180571}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\92.0.902.55\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{290DB0EA-C480-44B6-99EF-BB030E216B3A}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\Torchlight II\ModLauncher.exe (Runic Games, Inc. -> Runic Games, Inc.)
FirewallRules: [{B8A558B3-109C-4AE1-A193-C6182CD68591}] => (Allow) D:\Program Files (x86)\SteamLibrary\steamapps\common\Torchlight II\ModLauncher.exe (Runic Games, Inc. -> Runic Games, Inc.)

==================== Restore Points =========================

16-07-2021 23:10:02 Inštalátor modulov systému Windows
20-07-2021 11:16:59 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
20-07-2021 11:17:06 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
23-07-2021 20:30:25 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
25-07-2021 10:12:33 Removed Mu

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (07/25/2021 09:45:12 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: LAPTOP-2UV0H9VG)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (07/24/2021 10:32:48 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: LAPTOP-2UV0H9VG)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (07/24/2021 05:17:37 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: LAPTOP-2UV0H9VG)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (07/24/2021 03:34:01 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: LAPTOP-2UV0H9VG)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (07/24/2021 11:58:08 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: LAPTOP-2UV0H9VG)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (07/24/2021 09:25:11 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: LAPTOP-2UV0H9VG)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (07/23/2021 04:58:42 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: LAPTOP-2UV0H9VG)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (07/23/2021 08:13:48 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: LAPTOP-2UV0H9VG)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.


System errors:
=============
Error: (07/24/2021 10:12:15 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-2UV0H9VG)
Description: The server microsoft.windowscommunicationsapps_16005.13426.20920.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca did not register with DCOM within the required timeout.

Error: (07/24/2021 10:12:15 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-2UV0H9VG)
Description: The server Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy!App.AppXwdz8g2fxr36xz0tdtagygnvemf85s7gg.mca did not register with DCOM within the required timeout.

Error: (07/24/2021 10:12:15 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-2UV0H9VG)
Description: The server Microsoft.Windows.Search_1.14.2.19041_neutral_neutral_cw5n1h2txyewy!ShellFeedsUI.AppXfbff151h5bmghg166fvn34ccayg70vts.mca did not register with DCOM within the required timeout.

Error: (07/24/2021 10:12:15 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-2UV0H9VG)
Description: The server Microsoft.MicrosoftOfficeHub_18.2104.12721.0_x64__8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub.AppXt4mh7c9swwc5cmd5jgmtmwcfmvkddpn1.mca did not register with DCOM within the required timeout.

Error: (07/23/2021 08:37:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby Steam Client Service zlyhalo kvôli nasledujúcej chybe: 
The service did not respond to the start or control request in a timely fashion.

Error: (07/23/2021 08:37:56 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Počas čakania na pripojenie služby Steam Client Service bol dosiahnutý časový limit (30000 ms).

Error: (07/17/2021 10:56:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby Steam Client Service zlyhalo kvôli nasledujúcej chybe: 
The service did not respond to the start or control request in a timely fashion.

Error: (07/17/2021 10:56:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Počas čakania na pripojenie služby Steam Client Service bol dosiahnutý časový limit (30000 ms).


Windows Defender:
================
Date: 2021-07-25 12:44:35
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-07-23 18:17:22
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-07-20 10:21:03
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-07-19 16:30:37
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-07-15 11:09:24
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2021-04-13 09:04:18
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\GameforgeLive\Games\CZE_ces\4Story\GameGuard\npggNT64.des that did not meet the Microsoft signing level requirements.

Date: 2021-04-13 09:04:15
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\GameforgeLive\Games\CZE_ces\4Story\GameGuard\npggNT64.des that did not meet the Microsoft signing level requirements.

Date: 2021-04-13 09:04:07
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\GameforgeLive\Games\CZE_ces\4Story\GameGuard\npggNT64.des that did not meet the Microsoft signing level requirements.

Date: 2021-04-03 19:14:56
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.21.1.151\symamsi.dll that did not meet the Windows signing level requirements.

Date: 2021-04-03 19:14:47
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.21.1.151\symamsi.dll that did not meet the Microsoft signing level requirements.


==================== Memory info =========================== 

BIOS: Insyde Corp. V1.12 07/28/2020
Motherboard: CFL Alphard_CFS
Processor: Intel(R) Core(TM) i7-9750H CPU @ 2.60GHz
Percentage of memory in use: 58%
Total physical RAM: 16223.24 MB
Available physical RAM: 6731.07 MB
Total Virtual: 18655.24 MB
Available Virtual: 3521.13 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:475.82 GB) (Free:367.49 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:831.95 GB) NTFS

\\?\Volume{de26ca39-a5f4-4c91-9488-56c71870028f}\ (Recovery) (Fixed) (Total:1 GB) (Free:0.49 GB) NTFS
\\?\Volume{884707e2-4b53-4d0a-bae7-bfecb22f1d8f}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32

==================== MBR & Partition Table ====================

==================== End of Addition.txt =======================